Light-weight proactive approach for safe execution of untrusted code

Loading...
Thumbnail Image
Authors
Chandwani, Anupama Laxman
Issue Date
1-May-10
Type
Thesis
Language
en_US
Keywords
Research Projects
Organizational Units
Journal Issue
Alternative Title
Abstract
Today's malware attacks are cleverly crafted and cause huge loss of resources. Existing proactive defense mechanisms against malware include isolation, sandboxing, information flow tracking, etc. These mechanisms completely block information flow on the system. But sometimes we do need the functionality provided by software from untrusted or unknown sources that are not malicious. The problem that we try to solve here is of executing this untrusted code on a real system so that it can coexist with other applications in the same environment, thus allowing safe information flow. At the same time we want to protect the system so that it does not get compromised due to untrusted information. Available approaches for information flow tracking are intrusive and require significant kernel changes, thus making them difficult to port and maintain across different operating systems or even newer version of the same OS. We propose a light-weight approach, based on userid, for proactive integrity protection and safe execution of untrusted code. We mediate all information flow in the system in order to provide protection from sophisticated malware and attacks.
Description
Citation
Publisher
The Graduate School, Stony Brook University: Stony Brook, NY.
License
Journal
Volume
Issue
PubMed ID
DOI
ISSN
EISSN